■ NEWS DIGEST

Nortel hopes its Chapter 11 filing will preserve $2.4 billion in cash for customer support uses. | A federal judge rules that a hearing in a music piracy lawsuit can be streamed live on the Internet.

Microsoft issues a patch to fix three Windows bugs, two of which could damage enterprise networks. | Problems with an SAP project contribute to a jewelry chain’s bankruptcy filing.

The World Bank discloses that Wipro is on a new-contract blacklist - just like fellow offshore outsourcer Satyam is.

■ NEWS ANALYSIS

Bartz Looks to Revive Struggling Yahoo. Analysts think the new Yahoo CEO’s lack of consumer Internet business experience could end up benefiting the company.

Wall Street Crisis Forcing Closer Look at E-records. The fallout in the financial industry may finally compel companies to start implementing strong electronic records retention systems.


■ DEPARTMENTS

The Grill: Pixel Qi CEO Mary Lou Jepsen talks about One Laptop Per Child, the future of display technology and a target market of 7 billion people.

Security Manager's Journal: Eyeing Risks While Cutting Spending. How do you cut 15% of your budget while keeping the company secure? You assess the risks, and keep your fingers crossed.

Career Watch: A survey finds, among other things, that IT pros hate workplace politics - and love the History Channel. And Virtela Communications CEO Steve King offers some advice to would-be entrepreneurs.

Shark Tank: A pilot fish finds out the hard way why a minicomputer keeps failing.

■ OPINION

Editor’s Note: Don Tennant says a casualty of the economic downturn that’s less immediate than layoffs is the loss of chances to share knowledge and experience.

Gary Anthes explains what you and Bernard Madoff have in common.

Bart Perkins cautions that you should check the waters before jumping ship for a boutique consulting firm.

Frankly Speaking: Frank Hayes thinks improving software security involves more than making another list of coding errors.
Turning Up the Heat to Save Energy

Temperatures are rising in online brokerage Scottrade’s data center. And that’s a good thing.

Enterprise Linux? Not So Fast.

The idea of migrating corporate systems to Linux has been gaining popularity, but some IT leaders still find the business case dubious.
The Other Casualty

■ EDITOR’S NOTE

AS EACH DAY PASSES, more lives are being forever changed. The economic downturn is claiming almost overwhelming numbers of human casualties, creating devastating losses for families all over the world. The toll in terms of livelihoods lost is staggering.

But another casualty that’s less immediate, but increasingly worrisome, is the loss in opportunities for the sharing of knowledge and experience.

Last October, I wrote about the emergence of university degree programs in IT service management and why I saw that as a welcome development. I singled out Carnegie Mellon University, which had announced in July that its School of Computer Science would offer a degree called a Master of Science in Information Technology in IT Service Management (MSIT-ITSM) beginning in the fall term. Unfortunately, as I learned last week, that program never really happened.

A notice posted on the MSIT-ITSM Web site on Dec. 23 states, “The MSIT in IT Service Management announced by the School of Computer Science will not be offered in the Fall of 2009, given the current global economic and financial crisis. Any decisions about offering a program in the future will be reconsidered at a later date.”


According to Bill Hefley, director of the MSIT-ITSM program, the decision was made by Randy Bryant, dean of the School of Computer Science. Bryant had informed Hefley and his colleagues of the cancellation on Dec. 5.

In truth, the program never even got off the ground. It wasn’t offered this fall after all because, Hefley said, approvals came too late. He noted that he and his colleagues are teaching “a number of the planned courses, drawing on students from across campus interested in the topics.”

But not even that is likely to continue, because Hefley and several other faculty members will no longer be at CMU after this year. “The official line is that we were not laid off, but that our appointments lapsed,” Hefley explained. Like many others associated with the IT profession, Hefley is looking for a job.

The abortion of the MSIT-ITSM program and the de facto layoffs at CMU are symptomatic of an unhealthy loss of both promising and established knowledge-sharing opportunities. Earlier this month, the SageCircle analyst relations blog broke the story that Gartner is canceling its spring Symposium/ITxpo conferences slated for Las Vegas and Barcelona in May.

■ The abortion of the MSIT-ITSM program at CMU is symptomatic of an unhealthy loss of knowledge-sharing opportunities.

“While a number of factors influenced this decision, the primary reason for the change is the current macro-economic environment and its anticipated impact on attendee travel and overall event attendance,” Gartner said in a statement to SageCircle. Gartner also informed the SEC that it was laying off 117 employees, or 3% of its workforce, but it’s unclear whether any of the layoffs are attributable to the Symposium/ITxpo cancellations.

And then there was Novell’s announcement last month that it was canceling its 2009 BrainShare user and partner conference. Last week, I asked John Dragoon, senior vice president and chief marketing officer at Novell, how many Novell employees were laid off as a result of the cancellation.

“Zero,” Dragoon replied, noting that the event was canceled because of cuts in customer travel budgets. “Registration was tracking below 50% of normal, and we were prepared to scale the event back to an equivalent cost to Novell but decided to cancel for this year and investigate alternate methods to deliver the information and training our customers and partners are seeking,” Dragoon said. “Employees who were working on BrainShare are now working on these alternatives,” which will include online classes, virtual conferences and local tours.

That’s certainly encouraging. It’s essential that innovative alternatives to cost-prohibitive academic and commercial knowledge-sharing are found so that the knowledge continues to be imparted and shared. Lost opportunities to gain knowledge will only exacerbate the problem of lost jobs. ■

Don Tennant is Computerworld’s senior editor-at-large. You can contact him at don_tennant@computerworld.com, and visit his blog at http://blogs.computerworld.com/tennant.
RESPONSE TO:

The 9 Hottest Skills for ’09

Jan. 1, 2009

I think the hot skills will be IT positions that require face-to-face contact, i.e., program managers, business analysts, help desk. SAP work is heavily outsourced right now, so it will be difficult to get into. SAP is a specialized skill, so once your skill set is SAP, you better pray the company keeps going until you retire.

■ Submitted by: Anonymous

RESPONSE TO:

Won’t, but Should

Jan. 5, 2009

Another reason power consumption won’t drop appreciably in the average data center is that the ROI isn’t there soon enough to make it a priority in today’s economy.

As much as I want to consign it to the junk heap, my aging Exchange server is safe in its rack mounts for the time being. There’s a decent business case for replacement, but it isn’t a project that’s going to make it to the capital outlay list in this environment.

I think we may see a drop in average consumption, as components added have higher efficiencies — but I expect that few systems will be retired and replaced on energy grounds alone, and I expect that most inefficient systems will remain in service until business has no other choice than to replace those systems or the economy turns around.

■ Submitted by: pet geek

RESPONSE TO:

IT Execs Losing Ground on Compensation, Salary Study Says

Jan. 5, 2009

Of course they are. With the open-source movement, everyone expects IT to be free. You reap what you sow.

■ Submitted by: Anonymous

JOIN THE CHATTER! You, too, can comment directly on our stories at computerworld.com.

Find these stories at computerworld.com/more

UI Goodies in Windows 7 Beta 1

Fast and stable, the beta release of Windows 7 unveils some intriguing user-interface improvements, including the much-anticipated new taskbar.

10 Outlook Fixes

REVIEW: Microsoft Outlook drives a lot of users crazy in a variety of ways - from sluggish performance and massive bloat to corrupt .pst files and constant crashes. Here are 10 tips to make Outlook less annoying.

The Satyam Fraud’s Fallout

OPINION: The financial fraud perpetrated by Satyam Computer Services executives could have far-reaching effects on IT outsourcing, says Shaalu Mehra, chairman of the outsourcing and India practices at law firm Perkins Coie.

Pushing the Linux Envelope

HANDS-ON: Popular Linux distributions Fedora, openSUSE and Ubuntu feature upgrades that will appeal to new users and long-term enthusiasts alike. We review each one and provide video run-throughs.


NETWORKING

Nortel: Bankruptcy Move Protects Cash for Support

WHEN Nortel Networks Corp. filed for protection from creditors in the U.S. and other countries last week, one of the telecommunications equipment vendor’s primary goals was to preserve a cash holding of $2.4 billion, which it plans to use to provide ongoing support to customers.

The $2.4 billion “is an important number to understand,” said Joel Hackney, president of Nortel’s enterprise solutions unit. “That money allows us to deliver products we have committed to customers and [continue] product support.”

Hackney said that as soon as the bankruptcy filings were announced, he called the CIOs at Nortel’s five largest customers to explain the move. “They’re savvy, and they get it,” he said.

IT managers who might consider switching to rival vendors should look at why they chose Nortel in the first place, Hackney added. “I’m absolutely convinced that our value proposition only gets stronger with the financial protections,” he said.

Nortel has debts of about $4 billion and was due to make a $107 million bond payment last week. CEO Mike Zafirovski said in a statement that the bankruptcy filings would enable the company to restructure and narrow its focus.

The International Nortel Networks Users Association, a Chicago-based group with about 4,000 members, issued a statement saying that the filings will give the vendor “an opportunity to truly focus on strengthening” its financial position.

“Chapter 11 is simply a restructuring tool, and Nortel is not going away,” Victor Bohnert, the INNUA’s executive director, said in an interview.

Nortel’s filings “give me no pause at all,” said Pierre-Eric Belzile, executive director of information and communication technology for the Montreal Canadiens hockey team. “I’m a big user and a big supporter.”

The Canadiens recently installed IP phones from Nortel, and the team uses the vendor’s gear to support a ticket-sales call center and the ticket-scanning system at the Bell Centre, its rink.

Zeus Kerravala, an analyst at Yankee Group Research Inc., said Nortel might not have had to seek protection from its creditors if the economy hadn’t soured so sharply. But he gave the company a rating of just 4, on a scale of 1 to 10, for its technology innovation. “Where,” he asked, “can Nortel lead?”

— Matt Hamblen

Nortel must be put on a sound financial footing once and for all.

MIKE ZAFIROVSKI, THE VENDOR’S PRESIDENT AND CEO

Nortel filed for Chapter 11 protection in U.S. Bankruptcy Court in Delaware and also sought protection from creditors in Canada.

Some of its European subsidiaries are expected to file for protection as well.

Nortel said it has “confidence” that Flextronics International Ltd. will continue to manufacture products for it on a contract basis.

THE WEEK AHEAD

MONDAY: The Lotusphere 2009 conference, focusing on IBM’s Lotus software products, opens in Orlando.

TUESDAY: IBM plans to report its Q4 financial results. Also scheduled to file earnings reports this week are Apple on Wednesday and Microsoft, Google and AMD on Thursday.

THURSDAY: The Social Networking Conference opens in Miami. The agenda includes sessions on topics such as business strategies and revenue models for social networks.
U.S. District Judge Nancy Gertner last week authorized the Courtroom View Network to send a live video feed of the hearing to Harvard University's Berkman Center for Internet & Society. The center, in turn, will stream the video on its Web site.

The RIAA argued that the streaming could prejudice potential jurors - a claim that Gertner labeled “specious.” However, she limited the streaming to this week’s hearing, saying she would later decide whether to allow it in subsequent proceedings.

- JAIKUMAR VIJAYAN

Charles Nesson, a Harvard professor representing the defendant, asked for the live streaming so Web users could ‘see what’s at stake’ in the case.
Microsoft Issues Patches For ‘Nasty’ Windows Bugs

Microsoft patched flaws that threaten enterprise networks.

Microsoft Corp. last week patched three vulnerabilities in the Server Message Block (SMB) file-sharing protocol in Windows, including two that could make “Swiss cheese” out of enterprise networks, according to one researcher.

“This is super nasty,” said Eric Schultze, chief technology officer at Shavlik Technologies LLC, a St. Paul, Minn.-based maker of patch management tools.

Microsoft rated two of the bugs as “critical” and the third as “moderate.” Schultze said the critical bugs are extremely dangerous because attackers can exploit them by simply sending malformed data to unpatched machines.

Andrew Storms, director of security operations at nCircle Network Security Inc., speculated that the latest bugs were found by researchers using information disclosed in SMB fixes Microsoft released in October and November.

Microsoft last week also issued the first patch for the Windows 7 operating system beta it had released days earlier. That update fixes a flaw that shaves several seconds of audio from any edited MP3 file.

Microsoft acknowledged that it did not fix a known vulnerability in the SMB in Windows 7. A spokesman said the bug will be fixed in “the next public release for Windows 7.”

The latest update also didn’t include a SQL Server patch that was expected by some researchers.

Microsoft last month said that older versions of its SQL Server database contained a critical vulnerability and that attack code had been released. “I’m not sure what’s happening. Until last week, we were all geared up for that fix,” said Wolfgang Kandek, CTO at Qualys Inc.

Meanwhile, F-Secure Corp. said that a worm that exploits a months-old Windows bug infected more than a million PCs in a 24-hour period last Tuesday and Wednesday. Overall, the security firm estimates that 3.5 million PCs have been compromised by the “Downadup” worm.

Based on scans of several hundred thousand Windows PCs, Qualys concluded that about 30% have not been patched. Microsoft, along with researchers at firms like Symantec Corp. and Panda Security, blamed lackadaisical patching for the infections.

— Gregg Keizer


Short Takes

Dell Inc. has agreed to pay $3.85 million to 46 states to settle complaints that it used deceptive sales practices. The company did not admit wrongdoing but agreed to pay $1.5 million to customers. It will use the remaining $2.35 million to reimburse the states for legal costs.

Seagate Technology LLC announced that it is replacing CEO William Watkins with Chairman Stephen Luczo. Watkins, who had succeeded Luczo as CEO in July 2004, will remain at the company to help with the transition.

As expected, Intel Corp. reported that its fourth-quarter profit plunged 90% to $234 million. The Atom chip was a bright spot; its sales were up 50% over the third quarter, to $300 million.

Motorola Corp. said it plans to lay off 4,000 employees, mostly from its mobile device business, in addition to the 3,000 layoffs announced previously. The company also said that its fourth-quarter results will fall short of analysts’ estimates.


SOFTWARE

Jeweler Cites SAP Project In Its Bankruptcy Filing

Inventory app snafus contributed to Shane’s financial woes.

AN ENGLEWOOD, Colo.-based jewelry retailer said that cost overruns and functionality issues related to an SAP software implementation were partially to blame for its move last week to file for Chapter 11 bankruptcy protection.

Shane Co. did note in papers filed with the U.S. Bankruptcy Court in Denver that the move was mostly due to a “precipitous decline in retail sales, particularly in luxury goods,” during the current recession.

Shane agreed in 2005 to buy a “sophisticated point-of-sale and inventory management system” from SAP AG that would cost $8 million to $10 million and could be rolled out within a year. The rollout took 32 months and cost $36 million, it said.

When employees started using the system in September 2007, it “did not yet provide accurate inventory count numbers,” and the stores became “substantially overstocked,” Shane said.

The SAP system “became stable and functional” toward the end of 2008 but still doesn’t deliver “the full functionality originally contracted for,” the filing said.

In separate statements, Shane and SAP said they continue to have a strong working relationship. SAP said it believes “the bankruptcy filing inaccurately summarizes the implementation and cast SAP in an unfair light.”

- CHRIS KANARACUS, IDG NEWS SERVICE
Wipro Preceded Satyam on World Bank’s IT Blacklist

IN 2000, IT services firm Wipro Technologies gave senior IT staffers at The World Bank Group a chance to buy stock in parent company Wipro Ltd. under a family-and-friends program, as part of an IPO in the U.S. Bank employees bought about 1,750 shares, paying a total of $72,000.

Nine years later, on Jan. 11, the Washington-based World Bank disclosed that Wipro is on a blacklist of companies barred from receiving new contracts.

The financial institution said it imposed the four-year ban on the company in June 2007 for “providing improper benefits to bank staff.”

The Wipro disclosure followed an announcement last month that the World Bank had put another India-based outsourcer, Satyam Computer Services Ltd., on its vendor blacklist in September. Satyam, which has since been hit by an accounting scandal, has been banned for eight years, for the same reason as Wipro and for not being able to document fees charged by subcontractors.

A World Bank spokesman said last week that the bank publicly announced the Satyam ban after seeing remarks by a company official denying that the outsourcer was on the blacklist.

The bank subsequently decided to identify all of the companies on the list “in the interest of fairness and transparency,” according to the Jan. 11 announcement.

Wipro defended the stock-purchase offer to World Bank employees. Girish S. Paranjpe, one of the two joint CEOs of Wipro Technologies, described the offer as “a goodwill gesture.”

Peter Brudenall, an attorney at Hunton & Williams LLP in London, said the cases of Satyam and Wipro are likely isolated examples, not an indication that there’s something fundamentally wrong with India’s outsourcing industry. But, he added, the Indian government should require companies to provide more transparent views into their financial records.

— Patrick Thibodeau


Global Dispatches

Vietnam Pushes Open-Source Apps

HANOI, Vietnam - The Vietnam Ministry of Information and Communications last week mandated that government agencies start installing open-source applications such as OpenOffice.org and the Firefox browser by the end of June.

According to VietnamNet, a government-owned news service, at least half of the employees in each government agency should have access to some open-source programs by the June deadline.

Vietnam is aiming for all employees to be trained to use the applications by the end of 2010.

In recent years, Vietnam has put a priority on promoting the use of open-source software with an eye toward halting the use of pirated software and developing its own software outsourcing industry.

Jeremy Kirk, IDG News Service

Barclays to Cut 400 More IT Jobs

LONDON - Barclays PLC last week said it plans to trim more than 400 IT staffers in addition to the 1,800 layoffs announced last July. The financial services firm blamed a tough economy that continues to squeeze U.K. banks.

The company said that it plans to cut 158 permanent jobs and 250 contractor positions over an unspecified period. A spokesman said that the affected posts duplicated other roles or had become obsolete.

The latest layoffs will come from the bank’s global infrastructure and service delivery wing. The company said the affected jobs will not be moved offshore.

Leo King, Computerworld U.K.

BRIEFLY NOTED

For the second time, Infosys Technologies Ltd. has lowered its revenue forecast for the fiscal year ending March 31. The Mumbai-based outsourcer is now projecting that fiscal 2009 revenue will range from $4.67 billion to $4.71 billion, for a year-to-year increase of 11.8% to 12.8%.

John Ribeiro, IDG News Service

BETWEEN THE LINES By John Klossner

Apple Inc. CEO Steve Jobs said he is taking a leave of absence through June to deal with health issues that are “more complex” than he initially thought. Jobs disclosed Jan. 5 that he has a “hormone imbalance.”

Because of the recession, Gartner Inc. said it is canceling the spring editions of its Symposium/ITxpo that were scheduled for May in Las Vegas and Barcelona.

The TJX Companies Inc. disclosed a security breach that it later said resulted in the theft of 45.6 million payment card numbers over 18 months.
Bartz Looks To Revive Struggling Yahoo

Analysts say that the new CEO could rekindle talks with Microsoft. By Sharon Gaudin and Stephen Lawson

ALTHOUGH new Yahoo Inc. CEO Carol Bartz lacks consumer Internet experience, analysts say her forceful style should serve the struggling Internet pioneer well.

“A lot of people have been surprised, but I think she’s a tremendous choice,” said David Card, an analyst at Forrester Research Inc.

“Being a CEO is about strategy, executing big-picture stuff and raising capital. Whether she’s an Internet person isn’t the issue. She’s in the top quintile of CEOs — the top 20%,” Card added.

Bartz joined Yahoo early last week after a long stint atop Autodesk Inc., a maker of design software.

She replaces Yahoo co-founder Jerry Yang, who stepped down last November after Microsoft Corp. ended its effort to buy the Sunnyvale, Calif.-based firm. Yang was also at the helm during the breakdown of an online advertising deal with Google Inc., and two rounds of layoffs.

Yang will reassume his former post of “Chief Yahoo” and remain on the company’s board. Bartz applauded Yang’s continuing role in the company. “No one knows more about Yahoo than Jerry,” she said.

The company also announced that Sue Decker, a close supporter of Yang who had been a candidate for the CEO position, has resigned as president of Yahoo.

In a press briefing, Bartz said she plans to talk to employees, customers and investors as she develops a rebound strategy.

She wouldn’t say how long it will take to develop that plan. “Let’s not put ourselves on some crazy timeline. Let’s let this process evolve,” she said.

In general, though, she said that Yahoo should focus on being the top company in all of its markets and on creating new geographic and vertical businesses.

“I wouldn’t have taken the job if I didn’t believe there’s a huge opportunity here,” Bartz added. “I just see this as a company with enormous assets that, frankly, could use a little management.”

Dan Olds, an analyst at Gabriel Consulting Group Inc., speculated that the change in leadership could lead to a resumption of talks between Yahoo and Microsoft about a merger or other arrangement.

“I would expect her to take a hard look at a potential deal and evaluate it on its business merits,” he added. The previous management team, he said, appeared “much more interested in remaining independent from Microsoft at all costs.”

OPPORTUNITY  REVISITED 

In  early  May,  Microsoft 
broke  off  negotiations  to 
buy  Yahoo,  contending  that 
the  Internet  firm  had  over¬ 
valued  itself.  A  month  later, 
Yahoo  ended  talks  about  a 
narrower  deal  in  which  Mi¬ 
crosoft  sought  to  purchase 
the  Yahoo  search  engine. 

Gartner  Inc.  analyst  Neil 
MacDonald  said  that  an 
agreement  with  Microsoft 
could  help  the  new  CEO 
implement  her  plan. 

“From  a  search  perspec¬ 
tive,  Microsoft  needs  Yahoo 
and  Yahoo  needs  Microsoft 
if  they  are  to  create  a  cred¬ 
ible  alternative  to  Google,” 
he  said  in  an  e-mail.  “An 
infusion  of  cash  from  Micro¬ 
soft  could  enable  the  new 
CEO  to  reinvigorate  the  Ya¬ 
hoo  brand  and  properties.” 

On  the  other  hand,  Greg 
Sterling,  an  analyst  at  Ster¬ 
ling  Market  Intelligence, 
said  he  expects  Bartz  to 
maintain  Yahoo’s  indepen¬ 
dence  for  as  long  as  possible. 

“It’s  not  a  given  she’ll  sell 
the business,” he said, noting that comments Bartz made during a conference call last Tuesday point to her intention to “settle in for the longer term.”

“She has talked like someone who is pretty passionate about the opportunity” to pull Yahoo out of its slump, Sterling said.

Olds described Bartz as “the definition of ‘adult management.’ [She] has shown herself to be able to grow companies through both good and bad times.” He also suggested that Bartz’s lack of experience in Internet businesses “will be a benefit to the company. She will bring a forceful pragmatism that I believe is missing. I see her as a force that can change the culture at Yahoo.”

Bartz was president and CEO of Autodesk for 14 years before stepping down in 2006 and taking the post of executive chairman of the board. Previously, she was an executive at Sun Microsystems, Digital and 3M. ■

Elizabeth Montalbano and Juan Carlos Perez of the IDG News Service contributed to this story.


Wall Street Crisis Forcing Closer Look At E-records

Banks must implement strong data-retention systems as oversight increases. By Lucas Mearian

The financial crisis on Wall Street has prompted numerous investigations into the lending practices of financial services firms, and they all have a similar focus: Who knew what, and when did they know it?

With a robust electronic records retention system in place, companies could quickly answer such questions. However, industry observers note, few of the records-retention regulations enacted over the past decade have been strongly enforced, and most companies have done little to comply with them.

Analysts warn that the fallout from the Wall Street meltdown will quickly lead to stricter enforcement of existing laws — including the Sarbanes-Oxley Act, the Electronic Signatures in Global and National Commerce Act, the U.S. Securities and Exchange Commission’s Rule 17A-4, and the Gramm-Leach-Bliley Act — and perhaps some new ones targeting the financial services industry.

At the same time, the health care industry faces more scrutiny as it hastens to move to a national e-health system.

Today, only 10% to 15% of U.S. corporations have electronic records retention systems in place, according to Gartner Inc. “In terms of a good electronic records systems, I would say it’s closer to zero,” said Debra Logan, an analyst at the consulting firm.

“There will be an increase in regulations,” predicted Hugo Torres, IT director at Coral Gables, Fla.-based Great Florida Bank. “We’ve gotten wind of it. We’ll be more heavily regulated than before.”

Until two years ago, Torres said, it was common for four bank examiners to audit Great Florida Bank annually. Last year, as the crisis grew, 12 examiners inspected its records. Torres said he’s bracing for even more auditors in 2009, as state and federal agencies scour every commercial and consumer loan to make sure that the banks performed adequate due diligence to determine the borrowers’ ability to pay.

Logan  said  that  stronger 
retention systems will also help companies to better defend themselves against legal action by disgruntled customers or employees.

“The amount of litigation that’s going to be generated out of this Wall Street meltdown is going to be unbelievable. The regulators will be asking the banks what happened,” Logan said. Lawsuits stemming from problems at government-backed mortgage finance companies Freddie Mac and Fannie Mae “will result in systemic change,” she added.

Bill Savarino, a partner at Washington-based law firm Cohen, Mohr LLP and an expert in e-mail retention and other regulatory issues, said he expects that Congress will overreact to the Wall Street crisis and enact new legislation.


“I don’t know if it’s necessary,” he said. “If they enforce the stuff they’ve got we should be fine.”

Savarino, who has been advising IT managers on data retention issues for the past seven years, said companies that are implementing retention systems today often do little more than keep data for 30, 60 or 90 days and then hit the delete button. In such cases, legacy documents are unavailable and it isn’t possible to show trends over time, he noted.

“I do not subscribe to the 30-, 60-, 90-day policy. I think they are woefully inadequate, and I don’t think they comply with most rules and regulations,” Savarino said. “When regulators audit regularly and investigate regularly, that’s when they’re going to start discerning who’s keeping e-mail and who’s not. They just haven’t been doing that on a regular basis.”

Savarino said IT managers and corporate legal departments should take the following three steps to prepare for the coming oversight onslaught:

■ Learn what the data retention laws require specific industries to do.

■ Install packaged archival and retrieval tools, because it’s too difficult to handle those tasks manually.

■ Utilize outside legal counsel.

“I know that sounds self-serving,” Savarino acknowledged, “but outside lawyers can help companies figure out what the laws are and establish retention schedules and determine how to set up electronic archive ‘buckets’ to hold on to e-mail and documents.”

Lawyers can also help set policies, procedures and parameters to deal with litigation holds, which require firms on notice of a potential lawsuit or government investigation to retain all potentially relevant electronic documents. Two years ago, Congress approved the Federal Rules of Civil Procedure, which set a baseline for which electronic documents must be retained and retrievable by corporate litigants in a court case.

Nonetheless, most companies “are standing there like deer in the headlights,” Logan said.

“We have to have a more disciplined process for working with electronic records regulations,” she said. “We need to have people in charge of managing information for the entire company. Today, everyone’s expected to manage their own data.”

As e-discovery pressures grow, companies and regulators must work together to determine which business documents are truly critical, Logan added. “People have to start throwing stuff away. It’s not all precious,” she said. “There needs to be some change to separate the wheat from the chaff.” ■


Bank Installs $500,000 Archiving System

AFTER COMPLETING an initial public offering two years ago, Great Florida Bank installed a complete electronic-documents archive and e-discovery system to deal with the additional regulatory oversight facing publicly held financial institutions.

The e-discovery system, from Santa Clara, Calif.-based Mimosa Systems Inc. - along with two Hitachi storage-area networks, Exchange and a SQL server cluster upgrade - cost $500,000, and it was worth every penny, said IT Director Hugo Torres.

Now all of the bank’s e-mail and electronic documents are automatically indexed and stored on the two SANs, which replicate the data for disaster recovery.

Torres said the system is very helpful in the auditing process and will likely help the bank deal with any lawsuits filed against it by ex-employees or customers.

Great Florida Bank, which employs 275 people and has 26 branch offices in three counties, maintains 32 servers in its data center.

- LUCAS MEARIAN


Health Care Firm Turns to E-discovery After Lawsuit

WYOMING VALLEY Health Care System Inc. turned to CommVault Systems Inc.’s Simpana e-discovery software last March after a lawsuit was filed against one of its hospitals.

Howard Dowell, a network analyst at the Wilkes-Barre, Pa.-based health care provider, said the software automatically indexed four years’ worth of e-mail over a weekend and provides a Google-like search engine for retrieving documents.

“Our system is giving us results in seconds,” Dowell said, noting that it can be used to search by keyword, phrase, date or sender. “Basically, I get it back like a Google search page with all the hits,” he added. “I can save it as a .pft or .zip file and examine it later.”

Wyoming Valley Health Care’s data center runs 200 servers, 90% of which are Wintel boxes, and it has 1,200 e-mail users. Electronic documents are indexed on two servers and then stored on an EMC Clariion SAN.

Many health care firms are turning to such systems as the federal government increases emphasis on setting up electronic health records systems and enforcing the Health Insurance Portability and Accountability Act.

In addition, an increase in the number of lawsuits against health care providers has forced them to implement measures to better protect patient data and store it for set periods of time.

- LUCAS MEARIAN


Mary Lou Jepsen

Pixel Qi’s CEO talks about One Laptop Per Child, the future of display technology and a target market of 7 billion.

Name: Mary Lou Jepsen

Title: CEO

Organization: Pixel Qi

Location: Taipei and San Bruno, Calif.

Favorite technology: All things optical.

Philosophy in a nutshell: “When people tell you something is impossible, what they are really saying is that it’s an interesting project.”

Most interesting place she has ever visited: “As a freshman in college, the holography lab. It absorbed the next decade of my life.”

Favorite vice: The free sake at the ANA Lounge in Narita Airport.

Favorite nonwork pastimes: “What’s that? Outside work? It will be a while ... but seeing friends, kayaking, bike riding, seeing and making art, and going to concerts.”

Mary Lou Jepsen is the former chief technology officer of the One Laptop Per Child (OLPC) organization. Her discoveries in display technology have helped create the XO, a laptop known for its low price and eco-friendliness. She is now focusing on advancing display technology with her company, Pixel Qi, which she founded in early 2008.

You gained worldwide recognition for your work with OLPC. How are you taking these technologies further with Pixel Qi?

There is something about starting fresh. We started with a blank slate at Pixel Qi, and we have some very cool new screen designs that we anticipate will be on store shelves [this] year in both laptops and e-book readers. The OLPC screen was great but never had great color; its color was washed out — by design. We started over and came up with a new design — a new kind of LCD screen that has great color, but also a stunning e-paper mode, which is also a dramatic improvement over the OLPC e-paper state. In addition, we
have driven the power consumption down. We are working on intertwining the display with the CPU and motherboard to dramatically further lower the cost and vastly prolong the battery life of the laptop between charges.

Longer term, we are developing products for 2010-2011 where we can completely remove the backlight from the LCD in laptops. These displays will be bright and colorful in room light and bright sunlight. They will be easy to read and offer ultralow power consumption — less than 1% of current LCD power consumption.

What do you think displays will look like in five years? Ten years?

I think that the future of portable computing is all about the screen.

Look at an iPhone; all you see is the screen. With cloud computing and thin-client technologies, we don’t need a motherboard or a CPU anymore — just a transceiver and a screen. In a very real way, I think that we will see, more and more, new forms of portables emerging that are dictated by the screen alone.

Historic estimates of the future of display technology have been exceedingly poor. We were all supposed to have holographic video by 1985. Now we hear that it’s OLEDs or electrophoretics [a type of low-power, passive display] coming next.

I disagree. Here’s why: The manufacturing development of these new technologies and materials takes many years and billions of dollars. OLEDs and electrophoretics were promised in high-volume mass production a decade ago and still attain annual volumes of less than 1 million units a year, with quality and reliability that fall well short of what mature markets demand.

I think that we just need to look to the history of silicon technologies to see the future of display. About two decades ago, there were many different electronic technologies. [Then] CMOS became good enough, and everyone moved to it, except for niche applications. A similar shift has occurred in displays. Today it’s nearly all LCD.

Behind the scenes, the manufacturing infrastructure of TFT [thin-film transistor] LCD today dwarfs that of foundry silicon, shipping about $100 billion [worth] per year. I believe that we need to leverage this infrastructure in new ways to make new displays, but without changing the manufacturing processes or materials in drastic ways. Rather than inventing new processes to compete with this immense and mature infrastructure, we follow and partner with the manufacturers’ development road map and create truly innovative displays that can ship in high volume and at low cost quickly.

This is what I was able to do at One Laptop Per Child, and this is the trail we continue to blaze at Pixel Qi.

Will we ever join Spock in the holodeck?

The holodeck is possible, but not yet totally possible. It will take a while to debug it — many years, I suspect. But lots of efforts have been made. The question is, do we actually want to pay for it, use it and suffer through the debugging period?

What accomplishments are you most proud of?

I’m most proud of the impact that One Laptop Per Child has had on literally millions of children with little or no opportunity otherwise. There’s a kid named Badmus in northern Nigeria that sent a note to me at OLPC in which he said, “I love my laptop more than my life.” He has a tough life, and there are many millions of kids just like Badmus. We need to reach them all.

I’m trying to continue the efforts we started at One Laptop Per Child at Pixel Qi by making screens for the broader market rather than for just one laptop model as I did at OLPC. Why? This allows much bigger reach. Paradoxically, spinning out of OLPC was the best way I could think to continue to help OLPC, because by making more of something, you can make it less expensive. Less expensive laptops would allow more children access to them.

Pixel Qi, of course, is a for-profit corporation. But let’s remember the immense scale of the opportunity when you realize that all nearly 7 billion people on Earth can be your target market.

Do you have any advice for young inventors in the computer industry?

It’s too easy to accept that because the definition of computing today seems pretty stable and standard, that therefore we now have what we are going to have. The fact that we have a plateau today really suggests that it’s time for something radical and new.

Actually, the “bottom of the pyramid” is a good place to start looking for an entirely new way to define computers. What is the computer platform that could serve all adults on Earth rather than the 1 billion or so that now have access?

— Interview by Sara Forrest, a freelance photographer and writer in New York (saraforrestphoto@gmail.com)
■ OPINION

Gary Anthes

Out With the Old, In With the New

Late last year, just when it seemed that every slimy rock on Wall Street had already been turned over, came news of the Mother of All Ponzi Schemes — the apparent disappearance of $50 billion at the hands of Bernard Madoff.

The mind boggles at such sums. And yet, that’s small potatoes compared to the pyramid scheme that was built around mortgage-based financial derivatives. I used to wonder at the megacompensation of those “managers” on Wall Street. How could so many make so much, I wondered, doing things that seemed to contribute so little to society?

I chalked it up to my ignorance, to my having gone to business school long before things like credit-default swaps existed. If someone got a $10 million bonus for doing something, that something must be pretty important and useful, I figured.

A mortgage is a thing of value — to the home buyer, to the lending institution and to society. But mortgages were packaged and sold, and then repackaged and resold again and again until they were buried in deals so complex that neither their buyers nor their sellers completely understood them.

But so what? Risk and “leverage” (debt) were in fashion, and every party at each step made big bucks. Never mind that no real value was created at most of those steps.

So, what does this have to do with IT? Last year, researchers at the Wellcome Trust Centre for Neuroimaging at University College London pinpointed a part of the brain, called the ventral striatum, that is the locus of people’s craving for the new and unfamiliar. It predisposes people to take risks even when there is little logical basis for doing so. I think it was at work on Wall Street, and I think IT managers are often driven by it as well.

■ What do you have in common with Bernard Madoff and the Wall Street managers who bought those mortgage-backed securities?

The history of IT since the 1970s can be summed up as one giant quest to find a better place to put stuff — hardware, software and data. First it was on mainframes, then on clients and servers, then in N-tier arrangements; then it was outsourced or offshored, then “virtualized,” then put on external Web servers, then moved into the cloud. There were even a few flashbacks: Mainframes were said to be back in style; thin clients were in, then out, then back again. Every year or so, it seems, someone comes up with a “better” idea of how to slice and dice computing’s resources.

Here’s how it works: An IT manager has a certain computing infrastructure in place for his company. It works OK, maybe better than the last thing he had, but of course it does have some problems. Onto the stage stride the vendors, the analyst blowhards, a few peers and maybe a few users, all saying they have a better idea. Indeed, the IT manager needs a better idea in order to deflect criticism for that downtime last week and to justify a budget increase. Plus, his ventral striatum says new things and risk-taking are good.

Our hapless IT manager finds that changing to the new idea is much more expensive and painful than anyone expected and that not all the promised benefits are realized. But at least he has a new “platform” on which to catch his breath until the next big thing comes along.

Am I suggesting that we IT people — who live on the leading edge almost by definition — should run away from the next big thing? Should we emulate our financial brethren, so recently drunk on risk and leverage, who are now afraid to get out of bed?

No, I’m just suggesting that new computing paradigms always have a certain faddish quality, and they entail risks you don’t always have to take. Caution is back in style.

So this would be a good year to make what you have work a little bit better — a good year to invest in training, procedures, documentation and other boring things. Then, by 2010, you’ll be ready for the next silver bullet. ■

Gary Anthes is a Computerworld national correspondent. You can contact him at gary_anthes@computerworld.com.
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Nine  ways  to  get  more  out  of 
software  vendors  in  2009. 

BY  THOMAS  HOFFMAN 


A  FEW  YEARS  AGO,  while 
sleuthing  out  underused, 
undermaintained  or  mis¬ 
aligned  software  assets 
at  Sony  Pictures  Home 
Entertainment,  David  Cortese  found 
that  he  was  paying  for  266  ERP  licens¬ 
es  at  a  cost  of  $7,000  per  seat  when  in 
fact  he  was  using  just  177. 

By  reworking  those  agreements  and 
some  others,  he  cut  several  million 
dollars  in  IT  overhead.  “Everything  is 
negotiable,”  says  Cortese,  the  compa¬ 
ny’s  vice  president  of  IT. 

As  the  economy  slides,  that’s  becom¬ 
ing  the  mantra  for  more  and  more  IT 
leaders,  says  Joe  Auer,  president  of 
International  Computer  Negotiations 
Inc.,  a  Winter  Park,  Fla.-based  consul¬ 
tancy.  “When  [economic]  times  are 
great,  it’s  tough  to  get  people  to  do  bet¬ 


ter  deals,”  says  Auer,  who  has  34  years 
of  technology  contract  negotiation 
experience,  “But  when  times  are  tough, 
they  want  to.” 

Do  they  ever.  Forrester  Research 
Inc.  analyst  Ray  Wang  says  that  over 
the  past  few  months,  more  than  200 
clients  have  contacted  him  and  other 
Forrester  analysts  looking  for  help  in 
renegotiating  existing  licensing  and 
maintenance  pacts.  “They’re  looking 
for  Plan  B’s”  to  cut  costs,  says  Wang. 

Now  is  the  time  to  design  your  own 
Plan  B.  Here  are  nine  ideas  to  help  you 
negotiate  harder  with  vendors,  cut 
waste,  sharpen  licenses  and  get  more 
out  of  your  IT  assets  this  year: 

1 DO YOUR HOMEWORK.

To be adequately armed for effective contract negotiations or renegotiations, it’s imperative that you know your existing contracts inside and out, says Roy Schleiden, senior manager of IT procurement at YRC Worldwide Inc., a transportation services company in Overland Park, Kan. “It’s amazing to me how many people don’t read their contracts and don’t know what’s in them,” he says.

2 GIVE BACK SHELFWARE, AND DON’T BUY MORE.

Wang says that many clients overestimate the number of user seats needed for a particular software system and end up licensing a lot of shelfware. “There’s a lot of room to cut licenses,” he says.

But  many  licenses  are  designed  to 
make  that  difficult  to  do.  If  a  customer 
wants  to  reduce  the  number  of  seats, 
some  vendors,  including  SAP  AG  and 
Oracle  Corp.,  typically  respond  by 
raising  the  price  per  seat,  says  Wang. 
The  net  result:  You  pay  the  same  and 
get  less. 

Although both SAP and Oracle tend to be fairly rigid about lowering the number of user seats in software agreements, there are techniques you can use to get around this problem with other vendors. For instance, since July, Schleiden and his team have worked with approximately 300 of YRC’s software vendors to see if it would be possible to “park” unused seat licenses until the economy improves. Parked seats are set aside and licensed at a price that’s significantly lower than the per-user price in the contract. Once the economy improves, the parties unpark the seats and revert to the original cost structure. So far, YRC has been successful with about 80% of the vendors it has contacted, including providers of application software, technical tools and database systems, says Schleiden.

3 USE YOUR LEVERAGE.

But renegotiation after the fact is never easy. Given the difficulty of adjusting a license in midstream, the best cost-saving opportunities are at the front end of a contract, when the vendor knows that you can still walk. For example, vendor pricing models are often poorly documented, says Wang, so before you sign, make sure you completely understand the terms of pricing and use them to your advantage. “It’s more cost-effective to flex up,” he says.

That means, for example, that a customer with 1,000 users should negotiate hard for the first 500 seats at the onset of contract negotiations and then add sets of 100 more licenses as needed, Wang says.

4 ASK, AND YOU SHALL RECEIVE.

In light of the economic crunch, some vendors are coming up with creative financing to entice would-be customers to sign deals, says Schleiden. If they don’t, you should. “We have a list of side perks we typically ask the vendor for,” says Schleiden. These include cost caps on future maintenance and licensing increases, and free first-year maintenance. “We’ve never been successful in getting them all, but we typically get several,” he says.

Never hesitate to ask vendors for concessions, says Gartner Inc. analyst Jane Disbrow. During the course of contract negotiations, software vendors will typically go through a discounting process “that leads the customer to believe that [the salespeople] won’t be able to feed their own children tomorrow because they gave them such a great deal,” she says.

But don’t worry about the vendors. They “always tend to hold back money,” Disbrow says. Your goal should be to not leave any of that money on the table.

5 ELIMINATE PHANTOM SYSTEMS.

During the cost-cutting drive at Sony Pictures Home Entertainment, Cortese met with various business unit leaders to determine what software contracts were in place and how effectively software was being used. “I was pretty blown away by what I discovered,” he says.

For instance, during Cortese’s evaluation, the company received a $125,000 maintenance bill from a provider of workflow management software. With a little digging, he found that the system was no longer in use. “If we hadn’t asked about it, the maintenance bill just would have gone through,” he says.

INTERNATIONAL COMPUTER NEGOTIATIONS INC. provides a comprehensive software licensing agreement checklist that you can access online at www.dobetterdeals.com/swchecklist. Among those tips is that any software licensing agreement should identify the applicable parts of any collateral material that helped you choose the vendor or in which the vendor “promises” to meet your needs. Examples include marketing materials, portions of your request for proposals, the vendor’s proposal and correspondence.

ICN also suggests that a software license agreement should include the following provisions:

■ It should state that no payment is required until you receive the goods or services.

■ It should allow a sufficiently broad scope of use for the software. A limited scope of use is the leading cause of higher license fees.

■ The agreement should allow certain parties other than the original licensee to use the software. Such parties include subsidiaries, the parent company or parties involved in a merger or acquisition.

■ The license grant should be broad enough to cover usage rights even if you don’t opt for maintenance.

■ You should receive the right to use the source code, modify it and create derivative works from it.

■ If you are acquiring an application that isn’t an off-the-shelf product, you should have the right to test and accept the software before any payment obligation is triggered.

■ Under the term and termination provision, your term of use should include the acceptance-testing phase, and your right to terminate before the expiration date should begin prior to final acceptance.

■ The contract should state what recourse is available to you if the vendor guarantees something but doesn’t deliver.

■ The vendor should guarantee that it will fulfill its tax responsibilities.

■ The vendor’s liability limits should be consistent with the magnitude of the deal. Normal vendor liability-limitation provisions severely restrict the amount of protection you receive from the vendor.

■ You should be able to terminate the agreement for any material breach by the vendor if it doesn’t address the problem in an agreed-upon period of time.

- THOMAS HOFFMAN

6 PUT MAINTENANCE UNDER A MICROSCOPE.

Vendors hate to discount maintenance, largely because it’s so profitable. For instance, 85% of the revenue Oracle derived from software maintenance in fiscal 2008 was pure profit and represented 76% of the company’s total profit, according to the company’s 2008 10-K report.

If a customer signs an enterprise software deal worth tens of millions of dollars, it might have the leverage to demand discounted maintenance rates, says Wang, but generally, it’s an area that vendors don’t want to haggle over. “Maintenance is the last thing [vendors] want to discount,” he says.

But there are always exceptions. For example, under most vendor-generated software contracts, customers begin paying for maintenance before the ink has dried on the contract — even if it takes a year or more to implement the system. But some IT leaders push hard not to pay maintenance for any software until the system has gone live. Cortese says he’s had mixed results in attempting to defer maintenance, but he was successful recently on a seven-figure CRM license.

YRC  Worldwide’s  Schleiden  tries  to 
get  the  first  year  of  maintenance  free  of 
charge.  Though  he,  too,  is  not  always 
successful,  he  says  that  “lately,  the 
percentage  [of  vendors  that  concede]  is 
higher  than  it’s  been  in  the  past.” 

Schleiden’s  IT  procurement  group 
also  tracks  the  number  of  software 
maintenance  calls  it  puts  out  to  each 
of  its  suppliers  annually  to  make  sure 
YRC  is  getting  its  money’s  worth. 

Last  year,  Schleiden  renegotiated 
maintenance  fees  with  some  vendors 
and  shifted  to  use-based  maintenance 
agreements  with  others.  With  one  ERP 
vendor,  he  recently  negotiated  a  three- 
year  maintenance  agreement  at  a  2% 
annual  increase  cap  per  year. 

Schleiden says it’s easier to renegotiate maintenance agreements for middleware software than it is for mainframe systems because there’s more competition in the middleware market.

Other  users  take  a  hard  line  across 
the  board  on  any  maintenance  fee 
increases.  “We  make  it  clear  to  all  of 
our  suppliers  that  while  software  [is] 
important  to  our  company,  the  focus 
of  our  company  is  selling  things  like 
helicopters  and  golf  carts,”  says  Sherri 
Zapinski,  director  of  Textron  Inc.’s 
indirect  strategic  sourcing  center  of 
excellence.  “So  if  an  engine  supplier 
doesn’t  get  to  raise  its  prices,  it’s  not 
fair  if  someone  like  a  software  supplier 
that’s  used  for  overhead  gets  to  raise  its 
prices.” 

Still,  Zapinski  says  she  “might  make 
an  exception”  if  a  vendor  has  been 
reliable  and  consistently  responsive  in 
delivering  patches,  upgrades  and  other 
fixes  over  time. 

7 BYOC.

Auer  strongly  recommends 
that  clients  bring  their  own 
contracts  whenever  possible  and  that 
they  let  the  vendor  know  they  will  be 
doing  so  in  the  request-for-proposals 
stage  of  the  deal. 

“Here’s a legitimate problem for vendors: If you pull out your own contract at the end of a deal, there’s rarely a way for vendors to agree to it quickly,” says Auer. That’s because the lawyers representing vendors are familiar with their clients’ formulaic contracts but would require additional time to go line by line through a customer’s contract. In fact, says Wang, if you do insist on using your own “paper,” expect to add three to six months to the negotiation process, even if you state your intention upfront.

In Disbrow’s experience, customers outside the public sector almost always have to use form contracts offered by SAP and Oracle. But some customers say they’re comfortable using vendor-generated contracts; they merely insist on amending them.

“We’ve never signed any kind of an agreement without making changes,” says Tyrone Magby, IT sourcing manager at Fiserv Inc. in Brookfield, Wis. Key examples include the addition of indemnification clauses and guarantees that the maintenance terms are tied to the net price and not the list price of the system, he says.

8  DON’T  BE  RUSHED. 

Don’t  allow  a  vendor  to  hurry 
you  or  corner  you  into  making 
a  deal  to  meet  its  timetable.  “We  don’t 
like  to  be  forced  into  [meeting]  a  date,” 
says  Magby.  “We  don’t  play  that  game.” 

“If a vendor gives you less than a month to do a deal, you’ll almost certainly lose financial benefits to your company,” says Schleiden. That’s because 30 days or less isn’t enough time for customer companies to work their own provisions, like audit requirements, into a contract or to negotiate and “make the vendor sweat the competition,” says Schleiden.

9 RUN THE CLOCK.

The best time to negotiate a software deal is toward the end of a vendor’s financial quarter or fiscal year, when its salespeople are trying to hit their numbers. Disbrow says contracts landed during these periods can include overall discounts of 5% to 10%. To gain maximum leverage, Auer recommends starting the process 60 to 90 days before the end of a fiscal year, or 30 days before the end of a financial quarter.

“Vendors  are  real  serious  about 
salespeople  making  their  quotas,”  says 
Auer.  “They  can  make  magic  things 
happen  during  those  times.”  ■ 

Hoffman  is  a  former  Computerworld 
national  correspondent.  Contact  him  at 
tom.hoffman24@gmail.com. 


SWEET TALK

AS PART OF HIS EFFORTS to cut software costs, David Cortese has occasionally agreed to serve as a spokesman for products his company uses.

For instance, Cortese, the vice president of IT at Sony Pictures Home Entertainment, agreed to speak at a business intelligence vendor’s annual user conference and a few educational events. He also agreed to be interviewed for an article about its products.

In exchange, Cortese received training credits for his IT staff and passes to the vendor’s annual customer conference, a value he estimated in the tens of thousands of dollars.

Cortese says he’s been very selective in speaking about vendor products. “I’ve done this with two vendors in eight years. It’s only for the best of the best; you have to be very discriminating about it,” he says.

Be aware that speaking for a vendor doesn’t guarantee better service, says Forrester Research analyst Ray Wang. He knows some users who have spoken in support of ERP vendors but still faced lengthy implementation delays. “The lesson learned is that you’d better get some delivery dates agreed to upfront,” says Wang.

About a year ago, Textron was asked to discuss a software product that a vendor was modifying. In exchange, it was offered new back-end functionality free of charge, says Sherri Zapinski, director of Textron’s indirect strategic sourcing center of excellence.

Textron declined the offer. “We weren’t sure if we were going to like that new functionality,” says Zapinski. She says her company has agreed on occasion to speak about vendor products at conferences but without any financial strings attached.

YRC Worldwide officials have spoken about products on behalf of vendors - but “infrequently and very cautiously,” says Roy Schleiden, senior manager of IT procurement and vendor management. YRC Worldwide insists on several conditions, but most important is that it retain complete control over what it says about the products.

- THOMAS HOFFMAN

TURNING UP THE

TO  SAVE  ENERGY 


The temperature’s rising in online brokerage Scottrade Inc.’s data center — and that’s a good thing. The move has allowed the St. Louis-based company to reap enormous energy savings while increasing reliability.

Six months ago, CIO Ian Patterson hired the engineering firm Glumac to construct a computational fluid dynamics (CFD) model of Scottrade’s data center. The model provided a complete picture of thermal airflows.

Samuel Graves, chief data center mechanical engineer at Glumac, oversaw the effort. “Much can be learned from a thermal CFD model, and going forward, the model becomes an excellent tool to help determine the effectiveness of potential solutions,” he says.

As is the case in many large data centers, Scottrade was overcooling the room. The solution: Fix the airflow problems and hot zones in its hot aisle/cold aisle configuration and turn up the computer room air conditioning (CRAC) unit’s thermostat. That sounds scary, but Patterson says implementing the recommendations cut power consumption by 8% and improved equipment reliability — all without affecting the performance of the data center.

A few small changes can save data centers big bucks on energy consumption, cutting bills by 25% or more, says Samuel Graves, chief data center mechanical engineer at consulting engineering firm Glumac. His tips:

I^L HCH£Gm FUKS^.

It’s common to see very large holes cut under the power distribution units and racks to bring power and cabling to the racks, says Graves. That affects air pressure in a raised floor, creating huge inefficiencies. “I did an evaluation of a large data center a couple of years ago,” says Graves. “When those holes were sealed, the client was able to shut down eight CRAC units, as they

Bummmms:

nds simple, but many data

Unless all vacant slots ^aiadl^e sealed in this way, air from the hot and cold aisles will mix inside the rack instead of moving through the rack from the cold aisle to the hot aisle as it should.

3 “Almost always, perforated tiles in the aisle are set up with an architectural api^^ in mind and not the actual server load,” says Graves.

It may look nice to have those perforated tiles neatly spaced and aligned, but it creates imbalances between the air provisioned and the actual heat load in the racks. Improper placement of perforated tiles is a major culprit behind cooling problems in data centers.

imAINIJUISESSiyiENT.

It’s hard to know exactly where to place those perforated tiles if you don’t know what your cooling requirements are in each row and for every rack. Consider hiring an engineering firm to create a basic CFD model of your data center. These models can be used to identify problem areas and design the proper fix.

According to Graves, the cost of modeling a large data center like Scottrade’s typically comes in at about $1.50 per square foot. Tuning and optimizing the model adds 50 cents per square foot. “This is a generalization on cost, and obviously, the larger the data center, the lower the per-square-foot cost,” says Graves.

- ROBERT L. MITCHELL

Power and cooling infrastructures are a large piece of the data center’s overall operating cost. The hard dollar savings from some fairly straightforward changes were “significant,” Patterson says.

Scottrade didn’t just reap those savings by retrofitting an old, poorly designed facility. Quite the contrary, Patterson achieved the efficiency gains in a state-of-the-art, 34,000-square-foot data center that Scottrade had rolled out in 2007. The cost benefits weren’t just limited to power and cooling bills: Scottrade also reduced the load on backup power systems and reduced the number of backup batteries needed.

The savings that Scottrade achieved are actually on the low side, says Graves. “Scottrade was already doing a lot of things right,” he adds, noting that Glumac has seen some data centers that achieve a 25% decrease in cooling costs when tuned properly.

The CFD model identified three key areas for improving efficiency. First, it found that a “thermocline,” or plane of warmer air, was floating in the upper half of the data center space. That hot layer started at a height of about five and a half to six feet and extended all the way to the 10-foot ceiling. Thus, the equipment in Scottrade’s top racks was in the hot-air cloud.

The second issue was the configuration of the racks themselves. Not all racks were fully populated, but equipment was always concentrated at the top of the racks, where it was subject to those higher temperatures. In fact, says Patterson, the hottest-running servers tended to be mounted at the top, where cooling efficiency was lowest. To address that, Scottrade had lowered the CRAC system temperature settings, overchilling the rest of the room.

“Scottrade was running the overall data center temperatures colder than necessary to keep the temperatures at the top of the racks within acceptable ranges,” Graves explains.

Finally, the balance between the heat load produced by the server racks and the quantity of air supplied to the cold aisle was out of whack. Engineers redistributed the perforated tiles on the aisle floor to match the output required. “A thermal balance was noticed immediately,” says Graves.

ACHIEVING  BALANCE 

Air conditioning systems perform most efficiently when the temperature differentials are higher, so Glumac implemented changes that made the cold aisles colder and the hot aisles a few degrees warmer. “We weren’t optimizing the heat-to-cooling ratio that the AC units needed. You have to get that balance,” Patterson says.

To address that thermal layer problem, Glumac engineers adjusted the CRAC system by raising the height of the air-return intakes by one and a half to two feet. That pushed the thermocline layer above the tops of the racks, providing a better thermal environment for equipment located there.

Once the airflow balance was achieved in the aisles, engineers turned their attention to what was inside the racks. “There’s an optimal temperature point where you want your chips running,” says Patterson. With that in mind, Scottrade reorganized the racks, moving power-hungry servers lower to balance the heat distribution within the racks.

It also helps that Scottrade’s new data center is using energy-efficient servers. The 1U and 2U Dell PowerEdge blade server models it has chosen use low-voltage processors, variable-speed fans that accelerate and decelerate depending on processing power consumption, and high-efficiency power supplies. (Those units came with VMware virtualization software embedded on ROM, making setup easier.) “It draws less energy, and it keeps the internal temperatures in the boxes cooler,” Patterson says.

NEWER AND HOTTER

But there’s another advantage to newer servers that data center managers may miss: They are able to run fine at higher operating temperatures than the previous generation of equipment was able to. That means that server racks can run warmer.

“Data center operators who take advantage of these higher-temperature capabilities can gain significant energy efficiencies in their cooling infrastructures,” says Graves.

Those changes “improved our power consumption, our air conditioning costs, and reduced our total costs of running our business,” says Patterson.

Scottrade needs low latency levels in order to fulfill its commitment to completing trades quickly. The firm relies on the highest possible server performance to support split-second transactions for its customers. Fortunately, the redesign required no compromises: Moving to a hotter data center didn’t reduce performance or affect longevity of the computing equipment, Patterson says. Instead, the changes improved reliability by keeping equipment within optimal operating ranges. ■




HOW  THEY  DID  IT 


After creating a computational fluid dynamics model of Scottrade’s data center, Samuel Graves, chief data center mechanical engineer at Glumac, was able to identify the key problem areas. Then these three basic, inexpensive changes helped Scottrade cut power consumption by 8%, increase cooling efficiency and improve equipment reliability in its data center.


■  OPERATING  SYSTEMS 


ENTERPRISE 


NOT  SO  FAST. 

Some still find the business case dubious. By Robert L. Mitchell


Migrating business applications from high-end Unix-based systems such as Sparc/Solaris to commodity x86/Linux platforms has been a popular idea for the past few years, but not everyone thinks going full-on with Linux is the best solution — at least not yet.

Dan Blanchard, vice president of enterprise operations at Marriott International Inc., is serious about Linux. He says his company’s transition from high-end Unix-based systems from Hewlett-Packard Co. and IBM is ongoing — and inevitable. “We’re migrating, and we have a strategy to continue deployment of Linux,” he says.

Tony Iams hears that refrain from IT executives frequently. “Companies have had a long-term goal of consolidating all of their Unix systems onto Linux,” says Iams, an analyst at research firm Ideas International Ltd. The companies want to consolidate on industry-standard technology across the board, he says, and that means Linux running on x86 hardware.

But Norm Fjeldheim, CIO at Qualcomm Inc., decided to take a pass on a Solaris-to-Linux migration. The company does use Linux for some applications, but Fjeldheim’s IT team concluded that migrating its industrial-grade Solaris systems to Linux was a dubious business proposition. “We’re not moving from Sun to Linux. We haven’t been able to make the economic case for it,” he says.

[Chart: LINUX IS A CONTENDER
Would you consider changing the operating system your most important packaged applications run on? (Base: 461 North American enterprise IT decision-makers)
Which operating system would you consider? (Base: 249 respondents who said they would consider changing; multiple responses allowed)]

While it appeared at first glance that Qualcomm would save money upfront on hardware and operating system costs by migrating, the price comparisons offered by vendors were based on retail prices. “We don’t pay retail, [and] when we figured our discounts [with Sun Microsystems], the price advantages went away for Linux pretty fast,” Fjeldheim says.

And that wasn’t the only issue. His team wasn’t satisfied with the quality of the administrative tools available for the Linux environment. At the time Qualcomm’s IT staff did the assessment — some 18 months ago — the things that make an administrator’s job easier “really didn’t exist to the same degree in Linux as they did on Unix-based systems,” Fjeldheim says. And that, he adds, would have translated into larger administrative costs.

As director of IT at Qualcomm, Matthew Clark was part of the team that reviewed the Linux option. The company’s ratio of administrators to users is currently 500-to-1 (although he plans to lower that to about 450-to-1). “With Linux, it would have been 150- or 175-to-1. We would have had to hire three additional administrators for every administrator we have right now working on Unix,” he says.

Iams isn’t surprised to hear that assessment. “That’s traditionally been one of Sun’s strong points,” he says. “They’ve optimized their systems for that metric.”

Clark acknowledges that the administrative tools have improved since Qualcomm last reviewed its Linux options, but he still thinks Linux would be more costly. “If we started today with the new [tools] coming out, we might be in the neighborhood of two [admins] for every one,” he says.

Although the numbers didn’t add up for Linux as a Solaris replacement, Clark said he’s impressed with Linux’s overall capabilities and believes the operating system will continue to have a place at Qualcomm. “We like the performance, and we recognize that throwing a whole bunch of little boxes at things can work really well in certain applications,” he says.

NOT  FOR  EVERYONE 

Blanchard agrees that Linux doesn’t work for every application. In some cases, he has seen Marriott’s IT team look at a Linux migration and decide not to proceed.

Overall, the applications moving to Linux at Marriott tend to be high-end Unix systems, he says, and the Linux-based tools that are replacing them are sufficient for Marriott’s needs. “We started talking about enterprise-class Linux systems 10 years ago,” Blanchard says. “It took a while to get that up and running.”

It also helps that Marriott’s IT vendors are supporting the initiative. Rather than trying to persuade the hospitality company to stay on Unix systems and high-end server hardware, both IBM and HP have been helping to make those migrations go smoothly. “Our vendors are very comfortable with this transition,” Blanchard says.

For now, however, Unix systems are still very much in the mix as Marriott plans migrations on a case-by-case basis. “We do not have a strategy to just close our eyes and go with one particular platform to the exclusion of all others,” Blanchard says.

For its part, Qualcomm is getting more bang for its buck from its Solaris 10 systems by taking advantage of the operating system’s virtualization technology, Solaris Containers. That feature was also responsible for stopping Bank of New York Mellon’s Linux transition plans.

Dennis Smith, first vice president in the bank’s advanced engineering group, says that when he started planning last January, he anticipated a wholesale “replatforming” of all of the Solaris systems at the bank onto Linux servers. That hasn’t happened.

After transitioning a few systems, Smith decided to bring Sun back in to talk about potentially using its virtualization technology, and he began to experiment with Solaris Containers. “We’re in the middle of that now,” he says.

Sun’s Containers technology, which creates virtual machine instances that share a single copy of the operating system, can make for a compelling economy-of-scale argument, Iams says. It can scale much better than VMware, it’s more mature than Parallels’ Virtuozzo, and it’s supported by Sun as part of the core operating system. With Containers, he says, “you have a much smaller footprint per instance, so you get a much higher level of consolidation. While you might [have] a few dozen [VMs per physical server] with VMware, with Containers it’s hundreds — or even thousands — per server.”

Smith saw enough of a benefit from Containers to change his plans, but he’s still keeping Linux in the picture. “We won’t be as aggressive in replatforming to Linux as we initially thought,” he says.

But, he adds, “we feel that both platforms will have a place in our infrastructure.” ■




Here’s another way you can become more productive. IBM System x3500 Express affordably manages your IT network from one location, identifies potential problems before they happen, and keeps your downtime to a minimum. It’s innovation made easy.

PN: 7977E7U

Featuring up to two Intel Xeon Processors E5420 2.50 GHz/1333 MHz-12 MB QC (80w), 2x1 GB, keyboard and mouse, HS SAS/SATA, 1 x 835W power

Up to 8 hot-swappable SAS or SATA HDDs or up to 12 hot-swappable SFF SAS or SATA HDDs to support large capacity


ibm.com/systems/simplifyit 

1  866-872-3902  (mention  6N8AH15A) 


■ SECURITY MANAGER’S JOURNAL | MATHIAS THURMAN


Eyeing  Risks  While 
Cutting  Spending 

How  do  you  cut  15%  of  your  budget  while 
keeping  the  company  secure?  You  assess 
the  risks  and  keep  your  fingers  crossed. 


We’re still dealing with fallout from the weakening economy. Besides the massive layoff I wrote about last time, each department has been told to decrease spending by 15%.

My job as a security officer is to ensure the confidentiality, integrity and availability of our systems and intellectual property, and my budget was fairly limited already. So there wasn’t much I could do to further cut expenses without putting the company at serious risk. Nonetheless, I did a risk assessment and came up with the following cutbacks.

First up is intrusion detection. Our 12 sensors are positioned to monitor the DMZs at corporate and remote offices as well as major data centers and some interoffice communications. We’re using several offshore analysts to monitor those sensors: they attend to the alerts and, when necessary, escalate things to our analysts here in the U.S. for evaluation and action. But we’re definitely monitoring more attack signatures than we need to. Our analysts spend a good part of their days chasing false positives.

When we had more resources, that didn’t seem like a big deal, but now it’s looking like an area of potential savings. I’m going to tune the rules so that we can decrease the offshore head count.

The next cuts are in the form of SecurID tokens. Until now, our company has issued the hard (key fob) tokens. There are currently more than 5,000 tokens deployed worldwide. These tokens have batteries that last only a few years, and then new tokens are needed.

With software tokens, we can eliminate the need for those hardware replacements and the cost of shipping fobs to our users around the world. They are easier to deploy, and there aren’t any batteries.

The drawback is the threat of keystroke-capture programs. Since the physical tokens are separate from the computers, they’re not susceptible to keystroke capture being used to obtain a user’s PIN.

It’s a risk we’re going to have to take, and we may be able to get users to enter their PINs by pointing their mice to on-screen number pads, which would mitigate the keystroke-capture threat. An added benefit is that the software tokens can be used on mobile devices.

LONG-DISTANCE  AUDIT 

Other savings will come from altering my audit schedule from twice to once a year. This saves on travel expenses and the cost of an independent contractor. I’m also looking into having an engineer in India conduct the audits. That could be doable because my audit methodology is fairly streamlined and routine.

Finally, I’m going to stop paying maintenance on some of our commercial scanning tools. I’ll keep IBM’s ISS Scanner for servers and Hewlett-Packard’s WebInspect for applications, but we can use open-source tools to fill in the gaps. Nessus has always served me well, and the open-source version can stand up nicely to the commercial equivalents. And there are plenty of Web-based application-scanning tools, such as Nikto or Google’s Ratproxy. They may lack the bells and whistles of commercial equivalents, but they do the job.

Trouble Ticket

ISSUE: Every department has to cut 15% from its budget.

ACTION PLAN: Do a thorough risk assessment before making any cuts. Risking a vulnerability in order to save money would be foolhardy - and, in the long run, expensive.

I doubt I’ll be able to get to that 15% figure without pulling out firewalls and VPN concentrators. But doing things like that is riskier than the other things I outlined above.

I’m never happy about having to make cuts in the security budget, of course, but I’m sure that this economic downturn will be short-lived and that I will eventually be able to ramp up our security program again, returning it to a more meaningful level. ■

This week's journal is written by a real security manager, “Mathias Thurman,” whose name and employer have been disguised for obvious reasons. Contact him at mathias_thurman@yahoo.com.

To join in the discussions about security, go to computerworld.com/blogs/security
■ OPINION


Boutique  Bound? 

As a result of the shaky economy, many IT professionals have recently lost their jobs, and more layoffs lurk ahead. Many tech workers will consider joining or forming small boutique consulting firms with staffs ranging from one to 50 employees.

A boutique is riskier than an established consultancy. Boutiques (particularly those with only one or two people) may not have established clients, methodologies or administrative processes. Worse, they may not have the resources to train new employees who have limited consulting experience. Before joining or creating a boutique consulting firm, consider these aspects:

■ Services offered. Successful boutiques deliver a small number of very-high-quality services. (Even large consultancies cannot deliver every possible service.) Focus the firm on industries and services where the staff has expertise. Resist the urge to tell potential clients you can address any IT issue.

■ Business development. No consultancy can exist without clients. Most boutiques struggle to build enough market awareness so that potential clients know they exist. Often, when people start a firm, friends hire them. This will jump-start a boutique, but it won’t create a sustainable company. The firm must learn to identify potential business opportunities and close deals with strangers. If you hate the selling process or quake at the thought of making cold calls, avoid boutiques.

■ Hands-on expectations. Executives who become consultants sometimes want to offer advice based largely on their experience. Sustainable boutiques must move beyond armchair consulting. Although experience provides valuable perspective, clients also expect consultants to base their findings and recommendations on rigorous analysis. Some former executives are unhappy with the required attention to detail.

■ Idea acceptance. In most large organizations, middle managers scramble to implement senior executives’ ideas, even half-baked ones. Boutique consultants can’t force clients to implement their ideas; they must sell them. This requires collaboration with the client and a willingness to have your ideas modified. If your ego can’t handle that, stay away.

■ Delegation. Because boutiques rarely employ junior consultants and usually have limited administrative help, delegation may not be an option. Boutique consultants must be proficient with Excel and PowerPoint and willing and able to write their own reports. Most boutiques take the position that if you want a staff meeting, look in the mirror (and hope that you don’t get into an argument).

■ Status. Some people who choose boutiques find that they miss the status and perks of a large organization. Corporate executives will miss having an executive assistant. Few clients provide support to consultants beyond basic levels. Expect cramped office space with inconsistent network access. Don’t expect the client to take you to dinner. Instead, expect your schedule to be inconveniently rearranged on short notice. (Learn to love travel Web sites.) Boutique consultants are at the bottom of the pecking order. Avoid disappointment by adjusting your attitude accordingly.

■ Financial impact. With lower overhead than bigger consultancies, boutiques are very profitable when everyone is working on billable projects. But boutiques may experience large cycles of feast and famine, and most have limited funding to pay the staff during idle periods. Be prepared financially.

■ Exit strategy. Some boutiques are organized around the owners’ lifestyles, and these intentionally remain small. In other cases, the owners hope to grow and sell the firm. If the boutique is ultimately sold to an established consultancy or to younger partners, the change will create opportunities and challenges. Be sure you understand the owners’ growth plans and time frames before joining.

Boutique consulting firms offer tremendous opportunities for IT professionals, but they also present unique challenges. Gather plenty of data and thoroughly research the associated challenges and opportunities before deciding if you’re boutique bound. ■

Bart Perkins is managing partner at Louisville, Ky.-based Leverage Partners Inc., which helps organizations invest well in IT. Contact him at BartPerkins@LeveragePartners.com.
MARKETPLACE


Instantly Search Terabytes of Text

♦ dozens of indexed, unindexed, fielded data and full-text search options (including Unicode support for hundreds of international languages)

♦ file parsers / converters for hit-highlighted display of all popular file types

♦ Spider supports static and dynamic web data; highlights hits while displaying links, formatting and images intact

dtSearch

♦  API  supports  .NET,  C++, 
Java,  databases,  etc. 
New  .NET  Spider  API 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


♦  "Bottom  line:  dtSearch  manages  a  terabyte  of  text  in  a 
single  index  and  returns  results  in  less  than  a  second" 

-  InfoWorld 

♦  "For  combing  through  large  amounts  of  data,"  dtSearch 
"leads  the  market"  -  Network  Computing 

♦  dtSearch  "covers  all  data  sources  ...  powerful  Web-based 
engines"  -  eWEEK 

♦  dtSearch  "searches  at  blazing  speeds"  -  Computer  Reseller 
News  Test  Center 

See  www.dtsearch.com  for  hundreds  more  reviews, 

and  hundreds  of  developer  case  studies 


Contact  dtSearch  for  fully-functional  evaluations 


1-800-IT-FINDS • www.dtsearch.com


Your  message  works  in  the  Marketplace  section! 


VBimSDirea* 

PRINT  MEDIA  SERVICES 


To  advertise,  call  212-655-5220  or  email  temerson@ven.com 


MicroGoose Climate Monitor

Web interface
Temperature, Humidity
Power over Ethernet Enabled
E-mail Alerts & Escalations
SNMP, XML, HTTP, HTTPS
Optional IP Web Cams

MicroGoose $199

Receive our FREE BOOK by emailing us at FreeBook@ITWatchDogs.com with your mailing address or call us at 512-257-1462

Server Room Climate & Power Monitoring

■ Q&A

Steve King

The president and CEO of Virtela Communications Inc. has advice for any would-be entrepreneurs considering marketing their own high-tech gadget or launching an IT service.


What mistakes do first-time tech CEOs commonly commit when launching a business? The No. 1 mistake is trying to do too much too soon early in the life cycle of a company. The customer's strategy must drive the company’s strategy. You should find a beachhead and stick to it. Be laser-focused on where you can build a complete product for a segment that’s going to buy it.

Another thing that’s difficult for the first-time CEO is getting unfiltered information from the organization.

What do you mean? You’re getting good news all the time or bad news all the time, depending on who you’re getting the information from. It’s not unfiltered data that you can analyze. You’re not always getting the straight scoop from your team because either they’re intimidated or they don’t want to give you bad [news]. You want raw, unfiltered data, because you can react to that and integrate it into your analysis.

What advice would you offer aspiring technology entrepreneurs, particularly those with a predominantly technical background? First and foremost, you’ve got to surround yourself with a strong team. If you have a technology background, you need to have a partner with a product marketing background. And finding really strong product marketing talent is not easy. It isn’t necessarily true that if you build the right product, the world will beat a path to your door.

What else should entrepreneurs focus on? Building a team that’s focused on the market that they’re pursuing. Being the CEO of a technology start-up is really difficult. You have to focus your attention on so many areas: investors, industry analysts, the media. You have to make sure you’re applying enough bandwidth to all of those areas as a CEO. It’s not for everyone.

- THOMAS HOFFMAN
(tom_hoffman24@gmail.com)
Who Are You?

Survey finds IT pros worldwide hate workplace politics and love the History Channel

Having an aptitude for technology seems like a good prerequisite for an IT professional, but how about having a thing for the Eagles song “Hotel California”? Both show up as common attributes in a wide-ranging survey conducted by online community ITtoolbox and PJA Advertising & Marketing. Besides asking about the work-related issues below, the survey pried into areas like favorite books (The Bible was No. 1, followed by the Harry Potter series, but business titles like 7 Habits of Highly Effective People and The World Is Flat also made the top 10), consumer technology that IT pros would most like to own (Blu-ray players), politics and preferred TV channels (the History Channel was No. 1, followed by CNN and ESPN). When it comes to favorite songs, the respondents showed a clear preference for hits from the ’70s and emo; the only contemporary songs in the top 10 were two by Coldplay. No. 8, Pink Floyd’s “Comfortably Numb,” was perhaps the response of several hundred people who thought they were answering the question, “How do you feel when things are going well at work?”


How do you feel when things are going well at work?
[Pie chart; the only surviving label is “Other: 1%”]

What are the biggest headaches you experience at work? (Choose up to three.)
Company politics get in the way of good decision-making: 51%
I’m putting out fires instead of setting strategy: 40%
Technology doesn’t work as promised: 37%
I am not provided with the tools I need to be most efficient: 25%
My deadlines are unrealistic: 20%
Vendors are always trying to sell me something: 19%
I spend too much time managing my infrastructure: 18%
Other: 1%

Which of the following best describe how you ended up with a career in IT? (Choose up to three.)
I had an aptitude for technology as a kid: 53.5%
I just found myself in the field: 39.5%
It was my major in college: 32.7%
I’ve always been more left-brain than right-brain: 22.3%
A friend encouraged me to look into IT: 13.7%
It felt like a safe choice: 12%
My parents influenced my decision: 6.4%
I don’t remember: 5.8%

SOURCE: 2008 ITTOOLBOX/PJA IT SOCIAL MEDIA INDEX WAVE III, A SURVEY OF 2,935 IT PROFESSIONALS FROM 109 COUNTRIES, JULY 2008


IT  careers 


Computer Applications Specialist (Anderson, SC): Responsible for proper sizing, installation and day-to-day operations of multiple hardware and software platforms in addition to ensuring proper functioning of the hardware and software. 4 years of experience in a related systems analyst, programming, or network/computer systems administration position. 4 years of experience must include experience in HP3000, AS400, Windows NT Server, Microsoft Office, Word, Excel, Outlook, Access, Power Point, TAM (Tenant Accounting Software), Mr. Chad Brooks, McAlister Heating & Air Conditioning, Inc., 4440 Highway 24, Anderson, SC 29626.

Senior Analyst (NY, NY): Identify & execute analytic reqmts, deploy & suppt Lattice solutions & deliver bus insights from professional services engagemts. Customer facing role w/travel req'd. Min Reqmts: MS in Math, Physics, Economics Engg or rel & demonstrated exp 1) w/ BI tools (i.e., Excel pivot tables); & 2) w/ statistical model'g (i.e., regress'n, decision tree) & w/programm'g languages (i.e., HTML, CSS, PHP, MySQL, C++, Java) for sw applic & user-interface dsgn. Send res to Tom Ebling, CEO, Lattice Engines Inc. 281-283 Franklin St, Boston, MA 02110, w/ref to job Code: LE1208. No calls please.


Looking for something new?

You’ve come to the right place!

Check back with us weekly for fresh listings placed by top companies looking for skilled professionals like you!

IT careers


COMPUTER  ENGINEER  SOFTWARE 
EWorld  Technology,  Analyze, 
write  programs,  interface  for 
leading  businesses  transitioning 
to  E-commerce  etc,  salary  com¬ 
mensurate  with  experience  and 
education,  full-time.  Mail  resume 
to  Nasir  Junejo  19550  7th  Ave 
NE,  Shoreline,  WA  98155. 


Searching for diverse IT Talent?

Let Computerworld IT careers put your recruitment message in front of over 1,400,000 qualified IT professionals!

Contact sales for details at 800 762 2977

CO-BRANDED EMAIL BLASTS

Reach your targeted audience of professional IT job seekers with Computerworld’s Co-Branded Email Blasts. This unique program allows you to choose your criteria of 100% opt-in subscribers by geography, company size, job title and industry.

For more information contact Dawn Cora at 800.762.2977

COMPUTERWORLD IT CAREERS

ATTENTION

Law Firms
IT Consultants
Staffing Agencies


Are  you  frequently 
placing  legal  or 
immigration  advertisements? 

Let  us  help  you  put 
together  a  cost-effective 
program  that  will  make  this 
time-consuming  task  a 
little  easier! 


Place  your 

Labor  Certification  Ads  here! 


For  more  information 
contact  us  at: 

800.762.2977 


iTcareers 
Shark Tank

TRUE TALES OF IT LIFE AS TOLD TO SHARKY


Because  We  Care 

This IT shop has a minicomputer that keeps failing for no apparent reason. “This had been going on for three months,” reports a pilot fish on the scene. “Engineers had been out to check the machine and could find nothing wrong. One day, I was working behind the computer and touched the main 400-volt connection - and shot two feet backward. I then went back into the office, shaking my hand to remove the tingling sensation, and proceeded to tell my boss that I now knew what was up with the computer. An engineer came out and swapped the power supply unit, and the problem never appeared again. And the comment from my boss? ‘If you had been really badly electrocuted, we would have taken you outside, put you up against a lamppost and sued the city.’ ”

Baby,  It’s  Cold  Inside 

Flash back to the 1960s, when this pilot fish is a part-time computer operator at his university. “The computer center was in an annex off the engineering building,” says fish. “We had three computers - an IBM 360/65, IBM 7044 and IBM 1401, which all put out a massive amount of heat and required air conditioning 24/7. Since I was a townie and everyone else was home for the holidays, I had the chore of working Christmas Eve powering everything down and reopening at 6 a.m. on the 26th. Christmas Eve was bitterly cold, and when I opened up on the 26th, I knew something was wrong when I could see my breath inside the computer room. When I powered up the 360/65, I was nearly blinded by red lights indicating system failures. Same with the 7044. But the trusty 1401, which was used only for I/O, powered up just fine. It served as an electronic campfire, around which I sat making desperate calls to every engineer on the call list, asking for help. Turns out that since we were operating 24/7 with huge thermal output, no one had given much thought to supplying heat to the computer room!”

Blackout 

It’s the mid-1980s, and the mainframe programmers in this IT shop all
use green-screen terminals. “The guy next to me came in and fired up
his terminal, but the screen stayed dark,” says a pilot fish there.
“After checking the cables, tech support determined the CRT was bad.
A new CRT was brought in, and it worked. As the tech was taking away
the defective CRT, he asked, ‘Do you want your glare protector?’ He
pulled the Velcro-connected glare protector off the old CRT, and a
black sheet of paper fell out from behind. We never found out who
among the 50 programmers was responsible.”

■  Sharky  won’t  tell  anyone 
who’s  responsible  for  your  true 
tale  of  IT  life.  Send  it  to  me  at 
sharky@computerworld.com, 
and  you’ll  get  a  stylish  Shark 
shirt  if  I  use  it. 


DO YOU LOVE SHARK TANK?

Then you might like Shark Bait, too. Dive in and dish the dirt with
like-minded IT pros.

sharkbait.computerworld.com

CHECK OUT Sharky’s blog, browse the Sharkives and sign up for Shark
Tank home delivery at computerworld.com/sharky.
■ COMPANIES IN THIS ISSUE

Page number refers to page on which story begins. Company names can
also be searched at computerworld.com

3M Corp. ..... 12
Advanced Micro Devices Inc. ..... 6
Apple Inc. ..... 6, 10, 40
Autodesk Inc. ..... 12
Barclays PLC ..... 10
Boston University ..... 6
Carnegie Mellon University ..... 2
Cohen Mohr LLP ..... 16
CommVault Systems Inc. ..... 17
Courtroom View Network ..... 6
Dell Inc. ..... 8, 30
EMC Corp. ..... 17
Fiserv Inc. ..... 26
Flextronics International Ltd. ..... 6
Forrester Research Inc. ..... 12, 23, 26, 32
F-Secure Corp. ..... 8
Gabriel Consulting Group Inc. ..... 12
Gartner Inc. ..... 2, 10, 12, 14, 24
Glumac ..... 28, 29, 30
Google Inc. ..... 6, 12, 17, 34
Great Florida Bank ..... 14, 16
Harvard University ..... 6
Hewlett-Packard Co. ..... 32, 34
Hitachi Data Systems Corp. ..... 16
Hunton & Williams LLP ..... 10
IBM ..... 6, 32, 34
IDC ..... 33
Ideas International Ltd. ..... 32
Infosys Technologies Ltd. ..... 10
■  FRANKLY  SPEAKING

Frank  Hayes 

More  Than  a  List 

OH, NOT AGAIN. Last week, the SANS Institute and Mitre released yet
another list of the most serious programming errors that break
software security. And this time, SANS and Mitre got dozens of other
organizations to sign on, including Microsoft, Apple, Oracle, Tata,
Symantec, the Department of Homeland Security and the National
Security Agency.

But  no  matter  how  good  it  is,  a  list  won’t  solve  this  problem. 


Yes, it’s a fine list. It includes all our old favorites: overflowing
buffers, unchecked input, random numbers that aren’t really random,
failure to block cross-site scripting and SQL injection. (You can
find the complete list at www.sans.org/top25errors.)

Trouble is, we’ve seen lists like these before. Security groups have
been issuing them for decades — and nothing much has changed.

SANS and Mitre say this one is better, because this time they tapped
dozens of other organizations to help compile the top 25 programming
problems. Surely that will convince programmers to see the error of
their ways and start coding securely, won’t it?

No, it won’t. Programmers who care about security don’t need this new
list. They already know about these problems and work to avoid them.


And  programmers  who 
don’t  care  about  security 
won’t  even  notice  the  new 
list.  They  figure  security 
is  somebody  else’s  job. 

But  this  list  isn’t  a 
complete  waste.  There’s 
the  germ  of  a  new  idea 
here  —  and  if  we’re  really 
lucky,  SANS  and  Mitre 
will  make  it  a  reality. 

One of the goals for this new list is that big software buyers will
be able to use it to improve software quality. For example, SANS says
some state governments are already thinking about requiring software
suppliers to certify in writing that their code is free of the errors
on the list.

Self-certification?  Yeah, 
good  luck  with  that. 

But wait — there’s no special reason why any buyer should have to
trust a software provider’s word that the code is clean. Why not make
third-party certification the standard? Certification companies could
get access to the source code, run automated code checks and provide
reliable results to software buyers about how clean the code really
is.

Of course, the reliability of those third-party certifiers would
depend on the quality of their test suites. If every certifier gins
up its own tests, that quality could be all over the map.

But  it  doesn’t  have  to  be 
—  not  if  SANS  and  Mitre 
and  their  partners  sponsor 
development  of  a  standard 
test  suite  and  then  make  it 
freely  available. 

Think about it. Those third-party certification companies would
gladly use that test suite, because the certifiers would be off the
hook for any top-25 errors the test suite fails to find.

Software providers would happily use the test suite to make sure
their code would achieve third-party certification on the first pass.

Security companies would fall all over themselves to discover top-25
errors that could get past the test suite. They’d issue their press
releases, the test suite would be updated, and the new version would
be the new standard.

Companies that currently make software testing tools? They could
integrate the top-25 test suite with their own products, which
customers would still buy for all the other code problems that those
products catch.

And corporate IT shops that think they can’t afford testing tools?
They’d have no excuse not to use the free top-25 test suite.

Developing that suite wouldn’t be easy — technically or politically.
But SANS and Mitre have already lined up the big players who can help
make it happen. This is their chance to make more-secure software a
reality.

That  would  sure  beat 
yet  another  list.  ■ 

Frank Hayes is Computerworld’s senior news columnist. Contact him at
frank_hayes@computerworld.com.